Inside Technique : Hiding HTML/SCRIPT... I think it IS possible! : The Solution

I have already given out a simple solution to the challenge, located at http://hideit.siteexperts.com/crack.js. It's not a complete solution, but it does get the real code. I've since updated it so that it does all the decoding too. I put in lots of comments instead of explaining it here.

UPDATED crack.js

```js
// PREREQUISITES:
// scrdec14.exe must reside in the same directory as this
// file. If you don't have it you can get it at
// http://www.virtualconspiracy.com/index.php?page=scrdec/download
// If you use a proxy server you MUST have MSXML4 or greater.
// For some reason MSXML5 isn't publicly available for download
// so here's MSXML4:
// http://www.microsoft.com/downloads/details.aspx?familyid=3144b72b-b4f2-46da-b4b6-c5d7485f2b42&languageid=f49e8428-7071-4979-8a67-3cffcb0c2524&displaylang=en
// If you don't use a proxy server you can get away
// with using MSXML3 if you already have it, progid "MSXML2.ServerXmlHttp.3.0"

var baseUrl = "http://hideit.siteexperts.com/";

// Here I'm just setting up the XMLHTTP object. This really has nothing
// to do with XML, I'm just using it as a really powerful yet easy
// to use object to make HTTP Requests
var xml = WScript.CreateObject("MsXml2.ServerXmlHttp.4.0");

// If you use a proxy server you must configure it
// here, otherwise comment out the following statement
xml.setProxy(2, "[IP]:[PORT]");

// First we get hide.asp
xml.open("GET", baseUrl + "hide.asp", false);
xml.send();

// Now extract the GUID generated by the request
var s = xml.responseText;
var pos = s.indexOf("pass=");
var pass = s.substr(pos + 5, 32);

// And use it to make the request to hidden.asp
xml.open("GET", baseUrl + "hidden.asp?pass=" + pass, false);

// Of course we need to set these HTTP headers or the fake code will be sent
xml.setRequestHeader("User-Agent", "MSIE 6");
xml.setRequestHeader("Referer", baseUrl + "hide.asp");
xml.send();

// realCode now contains the REAL code because all the criteria
// have been met, including the 1 second timeout
var realCode = xml.responseText;
xml = null;

// There is quite a bit of extraneous code returned.
// This just gives the relevant escaped data
realCode = realCode.substr(realCode.lastIndexOf("unescape") + 10);
realCode = realCode.substr(0, realCode.length - 5);

// Now for the unravelling of the first layer of encoding
realCode = unescape(realCode);

// At this point realCode contains
// "document.write('<script language=jscript.encode>[encoded script]</script>');"
// The useful part is the [encoded script]. We have to trim its surroundings
realCode = realCode.substr(48);
realCode = realCode.substr(0, realCode.length - 12);

// Because all that encoded junk was held within
// a JavaScript string literal its special characters
// are escaped with \. We have to fix this before going
// any further.
realCode = realCode.replace(/\\\\/g, "\\");

// Now it's time to decode the JSCRIPT.ENCODE with
// scrdec14. Since this is a command line tool that works on files
// we have to save the realCode to a file.
var fso = WScript.CreateObject("Scripting.FileSystemObject");
var f = fso.CreateTextFile("Erealcode.js");
f.Write(realCode);
f.Close();
f = null;

// Now that realCode is in a file we can run
// scrdec14 on it.
var shell = WScript.CreateObject("WScript.Shell");
shell.Run("scrdec14 Erealcode.js realcode.js", 1, true);
shell = null;

// We're done with Erealcode.js so kill it
// (scrdec14 doesn't work right when you specify the
// same file for in and out, which is why we have 2 files)
fso.DeleteFile("Erealcode.js");

// And now the decoded script is in realcode.js
f = fso.OpenTextFile("realcode.js", 1);
realCode = f.ReadAll();
f.Close();

// At this point realCode contains one more encoded version of
// the ACTUAL REAL CODE and a bunch of crap whose purpose is
// to hide the real code. First get rid of the crap.
realCode = realCode.substr(realCode.lastIndexOf("unescape") + 10);
realCode = realCode.substr(0, realCode.length - 4);

// Now to remove the last of the encoding
realCode = unescape(realCode);

// realCode now truly is the REAL CODE!
// Now let's format it with some line breaks.
realCode = realCode.replace(/(\*\/|;)/g, "$1\r\n");

// And write it back out to realcode.js
f = fso.OpenTextFile("realcode.js", 2, true);
f.Write(realCode);
f.Close();
fso = f = null;

WScript.Echo('Done! Take a look in "realcode.js".');
```

© 1997-2000 InsideDHTML.com, LLC. All rights reserved.
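The fixed offsets in crack.js (`substr(48)`, `length-12`, `length-5`) stop working as soon as the wrapper changes by a byte. The sketch below is an added example, not part of the original crack.js: it parses the last `unescape("...")` string literal instead and loops until no layer is left, which also shows why stacking `escape()` layers adds no protection. The function names and the sample wrapper are constructed for illustration, and the JScript.Encode layer is out of scope here (that step still needs scrdec).

```javascript
// Added example: peel nested unescape("...") layers by parsing the
// string literal rather than trimming at hard-coded offsets.

// Return the raw body of the LAST unescape(<quoted literal>) call, or null.
// crack.js also targets the last call, because decoy code comes first.
function lastUnescapeArg(src) {
  const re = /unescape\(\s*(["'])((?:\\.|(?!\1)[^\\])*)\1\s*\)/g;
  let m, last = null;
  while ((m = re.exec(src)) !== null) last = m[2];
  return last;
}

// Undo JavaScript string-literal escaping (\\, \', \"), the general form
// of the replace(/\\\\/g, "\\") fix-up in crack.js.
function unquote(lit) {
  return lit.replace(/\\(["'\\])/g, "$1");
}

// Peel layers until no unescape() call remains (bounded to avoid looping
// forever on hostile input). Returns the final text and the layer count.
function peel(src, maxLayers = 10) {
  let code = src, layers = 0;
  while (layers < maxLayers) {
    const arg = lastUnescapeArg(code);
    if (arg === null) break;
    code = unescape(unquote(arg));
    layers++;
  }
  return { code, layers };
}

// Constructed sample: a payload wrapped twice, with a decoy unescape() first.
const payload = "alert('real code');";
const inner = 'var junk=1;document.write(unescape("' + escape(payload) + '"));';
const outer = 'var decoy=unescape("%66%61%6B%65");eval(unescape("' +
              escape(inner) + '"));';

const result = peel(outer);
console.log(result.layers + " layers removed:", result.code);
```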